Topics

Reason's accident causation model

The "Swiss-cheese model" is a widely adopted model in human factors for explaining accident causation. The model has taken on different representations over the years. Images 1 & 2 seem to be the representation most often seen in healthcare. "The Swiss cheese model hypothesises that in any system there are many levels of defence, such as checking of drugs before administration, a preoperative checklist or marking a surgical site before an operation. Each of these levels of defence has little 'holes' (known as 'latent conditions') in it which are caused by poor design, senior management decision-making, procedures, lack of training, limited resources, etc. If latent conditions become aligned over successive levels of defence they create a window of opportunity for an incident to occur. They also increase the likelihood of making 'active errors'. When a combination of latent conditions and active errors breaches all levels of defences, a patient safety incident occurs." (paraphrased from Carthey & Clarke, 2010, p.61).

This current version of the model is different from the first version in several aspects (see an adapted version of this first version as image 3):

Firstly, it has adopted a more "cheesy" look, thus exploiting the potential for easy remembering and its use as a convenient heuristic. And yet these "cheese" slices have lost any description, making the model rather simplistic and of little practical relevance as, in principle, anything can be a layer of defence.

Secondly, all layers in the model have become defences. In the first model, defences referred to physical, procedural, administrative or other barriers set up to capture active errors. Although the idea of all layers being defences is not in itself inadequate, it has rested importance to those last defences in depth that can be designed between an active error and its consequences.

Thirdly, the current version has also lost the hierarchical depiction of a system, substituting it for a more horizontal depiction. This horizontal depiction describes a process or a department better, and rests importance to the role of the systems' hierarchy. While the first version explained well how an operator may inherit errors made at higher echelons in the hierarchy (culture, decision-makers, managers, etc), the current version unwittingly places responsibility for safety back on single hierarchical layers (typically, the operators'), wipping out the contribution that a systems approach has made over the last decades.

Productive activities. These refer to actual performance at operational levels.

Defenses. These refer to safeguards and other protections that deal with foreseeable negative outcomes, for example by preventing such outcomes, protecting the workforce and machines, etc.

Accidents occur because weaknesses or 'windows of opportunity' exist or, else, open up at all levels in the system, allowing a 'chain of events' to start at the upper echelons of the structure and move down, ultimately resulting in an accident if it is not stopped before such thing occurs. Said otherwise, most (if not all) accidents can be traced back to weaknesses at all levels in the system, including the decision makers level. (Perezgonzalez et al, 20112.)